|
| 1 | +/* |
| 2 | +Copyright 2014 The Kubernetes Authors. |
| 3 | +
|
| 4 | +Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +you may not use this file except in compliance with the License. |
| 6 | +You may obtain a copy of the License at |
| 7 | +
|
| 8 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +
|
| 10 | +Unless required by applicable law or agreed to in writing, software |
| 11 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +See the License for the specific language governing permissions and |
| 14 | +limitations under the License. |
| 15 | +*/ |
| 16 | + |
| 17 | +package types |
| 18 | + |
| 19 | +// NOTE: This Config type definition is copied from k8s.io/client-go/tools/clientcmd/api/v1/types.go |
| 20 | +// for parsing the kube config yaml. The "k8s.io/apimachinery/pkg/runtime" dependency has |
| 21 | +// been removed. |
| 22 | + |
| 23 | +// Where possible, json tags match the cli argument names. |
| 24 | +// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted. |
| 25 | + |
| 26 | +// Config holds the information needed to build connect to remote kubernetes clusters as a given user |
| 27 | +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| 28 | +type Config struct { |
| 29 | + // Legacy field from pkg/api/types.go TypeMeta. |
| 30 | + // TODO(jlowdermilk): remove this after eliminating downstream dependencies. |
| 31 | + // +k8s:conversion-gen=false |
| 32 | + // +optional |
| 33 | + Kind string `json:"kind,omitempty"` |
| 34 | + // Legacy field from pkg/api/types.go TypeMeta. |
| 35 | + // TODO(jlowdermilk): remove this after eliminating downstream dependencies. |
| 36 | + // +k8s:conversion-gen=false |
| 37 | + // +optional |
| 38 | + APIVersion string `json:"apiVersion,omitempty"` |
| 39 | + // Preferences holds general information to be use for cli interactions |
| 40 | + Preferences Preferences `json:"preferences"` |
| 41 | + // Clusters is a map of referencable names to cluster configs |
| 42 | + Clusters []NamedCluster `json:"clusters"` |
| 43 | + // AuthInfos is a map of referencable names to user configs |
| 44 | + AuthInfos []NamedAuthInfo `json:"users"` |
| 45 | + // Contexts is a map of referencable names to context configs |
| 46 | + Contexts []NamedContext `json:"contexts"` |
| 47 | + // CurrentContext is the name of the context that you would like to use by default |
| 48 | + CurrentContext string `json:"current-context"` |
| 49 | + // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields |
| 50 | + // +optional |
| 51 | + Extensions []NamedExtension `json:"extensions,omitempty"` |
| 52 | +} |
| 53 | + |
| 54 | +type Preferences struct { |
| 55 | + // +optional |
| 56 | + Colors bool `json:"colors,omitempty"` |
| 57 | + // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields |
| 58 | + // +optional |
| 59 | + Extensions []NamedExtension `json:"extensions,omitempty"` |
| 60 | +} |
| 61 | + |
| 62 | +// Cluster contains information about how to communicate with a kubernetes cluster |
| 63 | +type Cluster struct { |
| 64 | + // Server is the address of the kubernetes cluster (https://hostname:port). |
| 65 | + Server string `json:"server"` |
| 66 | + // TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used. |
| 67 | + // +optional |
| 68 | + TLSServerName string `json:"tls-server-name,omitempty"` |
| 69 | + // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. |
| 70 | + // +optional |
| 71 | + InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"` |
| 72 | + // CertificateAuthority is the path to a cert file for the certificate authority. |
| 73 | + // +optional |
| 74 | + CertificateAuthority string `json:"certificate-authority,omitempty"` |
| 75 | + // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority |
| 76 | + // +optional |
| 77 | + CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"` |
| 78 | + // ProxyURL is the URL to the proxy to be used for all requests made by this |
| 79 | + // client. URLs with "http", "https", and "socks5" schemes are supported. If |
| 80 | + // this configuration is not provided or the empty string, the client |
| 81 | + // attempts to construct a proxy configuration from http_proxy and |
| 82 | + // https_proxy environment variables. If these environment variables are not |
| 83 | + // set, the client does not attempt to proxy requests. |
| 84 | + // |
| 85 | + // socks5 proxying does not currently support spdy streaming endpoints (exec, |
| 86 | + // attach, port forward). |
| 87 | + // +optional |
| 88 | + ProxyURL string `json:"proxy-url,omitempty"` |
| 89 | + // DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful |
| 90 | + // to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on |
| 91 | + // compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296. |
| 92 | + // +optional |
| 93 | + DisableCompression bool `json:"disable-compression,omitempty"` |
| 94 | + // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields |
| 95 | + // +optional |
| 96 | + Extensions []NamedExtension `json:"extensions,omitempty"` |
| 97 | +} |
| 98 | + |
| 99 | +// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are. |
| 100 | +type AuthInfo struct { |
| 101 | + // ClientCertificate is the path to a client cert file for TLS. |
| 102 | + // +optional |
| 103 | + ClientCertificate string `json:"client-certificate,omitempty"` |
| 104 | + // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate |
| 105 | + // +optional |
| 106 | + ClientCertificateData []byte `json:"client-certificate-data,omitempty"` |
| 107 | + // ClientKey is the path to a client key file for TLS. |
| 108 | + // +optional |
| 109 | + ClientKey string `json:"client-key,omitempty"` |
| 110 | + // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey |
| 111 | + // +optional |
| 112 | + ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"` |
| 113 | + // Token is the bearer token for authentication to the kubernetes cluster. |
| 114 | + // +optional |
| 115 | + Token string `json:"token,omitempty" datapolicy:"token"` |
| 116 | + // TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence. |
| 117 | + // +optional |
| 118 | + TokenFile string `json:"tokenFile,omitempty"` |
| 119 | + // Impersonate is the username to impersonate. The name matches the flag. |
| 120 | + // +optional |
| 121 | + Impersonate string `json:"as,omitempty"` |
| 122 | + // ImpersonateUID is the uid to impersonate. |
| 123 | + // +optional |
| 124 | + ImpersonateUID string `json:"as-uid,omitempty"` |
| 125 | + // ImpersonateGroups is the groups to impersonate. |
| 126 | + // +optional |
| 127 | + ImpersonateGroups []string `json:"as-groups,omitempty"` |
| 128 | + // ImpersonateUserExtra contains additional information for impersonated user. |
| 129 | + // +optional |
| 130 | + ImpersonateUserExtra map[string][]string `json:"as-user-extra,omitempty"` |
| 131 | + // Username is the username for basic authentication to the kubernetes cluster. |
| 132 | + // +optional |
| 133 | + Username string `json:"username,omitempty"` |
| 134 | + // Password is the password for basic authentication to the kubernetes cluster. |
| 135 | + // +optional |
| 136 | + Password string `json:"password,omitempty" datapolicy:"password"` |
| 137 | + // AuthProvider specifies a custom authentication plugin for the kubernetes cluster. |
| 138 | + // +optional |
| 139 | + AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"` |
| 140 | + // Exec specifies a custom exec-based authentication plugin for the kubernetes cluster. |
| 141 | + // +optional |
| 142 | + Exec *ExecConfig `json:"exec,omitempty"` |
| 143 | + // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields |
| 144 | + // +optional |
| 145 | + Extensions []NamedExtension `json:"extensions,omitempty"` |
| 146 | +} |
| 147 | + |
| 148 | +// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with) |
| 149 | +type Context struct { |
| 150 | + // Cluster is the name of the cluster for this context |
| 151 | + Cluster string `json:"cluster"` |
| 152 | + // AuthInfo is the name of the authInfo for this context |
| 153 | + AuthInfo string `json:"user"` |
| 154 | + // Namespace is the default namespace to use on unspecified requests |
| 155 | + // +optional |
| 156 | + Namespace string `json:"namespace,omitempty"` |
| 157 | + // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields |
| 158 | + // +optional |
| 159 | + Extensions []NamedExtension `json:"extensions,omitempty"` |
| 160 | +} |
| 161 | + |
| 162 | +// NamedCluster relates nicknames to cluster information |
| 163 | +type NamedCluster struct { |
| 164 | + // Name is the nickname for this Cluster |
| 165 | + Name string `json:"name"` |
| 166 | + // Cluster holds the cluster information |
| 167 | + Cluster Cluster `json:"cluster"` |
| 168 | +} |
| 169 | + |
| 170 | +// NamedContext relates nicknames to context information |
| 171 | +type NamedContext struct { |
| 172 | + // Name is the nickname for this Context |
| 173 | + Name string `json:"name"` |
| 174 | + // Context holds the context information |
| 175 | + Context Context `json:"context"` |
| 176 | +} |
| 177 | + |
| 178 | +// NamedAuthInfo relates nicknames to auth information |
| 179 | +type NamedAuthInfo struct { |
| 180 | + // Name is the nickname for this AuthInfo |
| 181 | + Name string `json:"name"` |
| 182 | + // AuthInfo holds the auth information |
| 183 | + AuthInfo AuthInfo `json:"user"` |
| 184 | +} |
| 185 | + |
| 186 | +// NamedExtension relates nicknames to extension information |
| 187 | +type NamedExtension struct { |
| 188 | + // Name is the nickname for this Extension |
| 189 | + Name string `json:"name"` |
| 190 | + // Extension holds the extension information |
| 191 | + Extension interface{} `json:"extension"` |
| 192 | +} |
| 193 | + |
| 194 | +// AuthProviderConfig holds the configuration for a specified auth provider. |
| 195 | +type AuthProviderConfig struct { |
| 196 | + Name string `json:"name"` |
| 197 | + Config map[string]string `json:"config"` |
| 198 | +} |
| 199 | + |
| 200 | +// ExecConfig specifies a command to provide client credentials. The command is exec'd |
| 201 | +// and outputs structured stdout holding credentials. |
| 202 | +// |
| 203 | +// See the client.authentication.k8s.io API group for specifications of the exact input |
| 204 | +// and output format |
| 205 | +type ExecConfig struct { |
| 206 | + // Command to execute. |
| 207 | + Command string `json:"command"` |
| 208 | + // Arguments to pass to the command when executing it. |
| 209 | + // +optional |
| 210 | + Args []string `json:"args"` |
| 211 | + // Env defines additional environment variables to expose to the process. These |
| 212 | + // are unioned with the host's environment, as well as variables client-go uses |
| 213 | + // to pass argument to the plugin. |
| 214 | + // +optional |
| 215 | + Env []ExecEnvVar `json:"env"` |
| 216 | + |
| 217 | + // Preferred input version of the ExecInfo. The returned ExecCredentials MUST use |
| 218 | + // the same encoding version as the input. |
| 219 | + APIVersion string `json:"apiVersion,omitempty"` |
| 220 | + |
| 221 | + // This text is shown to the user when the executable doesn't seem to be |
| 222 | + // present. For example, `brew install foo-cli` might be a good InstallHint for |
| 223 | + // foo-cli on Mac OS systems. |
| 224 | + InstallHint string `json:"installHint,omitempty"` |
| 225 | + |
| 226 | + // ProvideClusterInfo determines whether or not to provide cluster information, |
| 227 | + // which could potentially contain very large CA data, to this exec plugin as a |
| 228 | + // part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set |
| 229 | + // to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for |
| 230 | + // reading this environment variable. |
| 231 | + ProvideClusterInfo bool `json:"provideClusterInfo"` |
| 232 | + |
| 233 | + // InteractiveMode determines this plugin's relationship with standard input. Valid |
| 234 | + // values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this |
| 235 | + // exec plugin wants to use standard input if it is available), or "Always" (this exec |
| 236 | + // plugin requires standard input to function). See ExecInteractiveMode values for more |
| 237 | + // details. |
| 238 | + // |
| 239 | + // If APIVersion is client.authentication.k8s.io/v1alpha1 or |
| 240 | + // client.authentication.k8s.io/v1beta1, then this field is optional and defaults |
| 241 | + // to "IfAvailable" when unset. Otherwise, this field is required. |
| 242 | + //+optional |
| 243 | + InteractiveMode ExecInteractiveMode `json:"interactiveMode,omitempty"` |
| 244 | +} |
| 245 | + |
| 246 | +// ExecEnvVar is used for setting environment variables when executing an exec-based |
| 247 | +// credential plugin. |
| 248 | +type ExecEnvVar struct { |
| 249 | + Name string `json:"name"` |
| 250 | + Value string `json:"value"` |
| 251 | +} |
| 252 | + |
| 253 | +// ExecInteractiveMode is a string that describes an exec plugin's relationship with standard input. |
| 254 | +type ExecInteractiveMode string |
| 255 | + |
| 256 | +const ( |
| 257 | + // NeverExecInteractiveMode declares that this exec plugin never needs to use standard |
| 258 | + // input, and therefore the exec plugin will be run regardless of whether standard input is |
| 259 | + // available for user input. |
| 260 | + NeverExecInteractiveMode ExecInteractiveMode = "Never" |
| 261 | + // IfAvailableExecInteractiveMode declares that this exec plugin would like to use standard input |
| 262 | + // if it is available, but can still operate if standard input is not available. Therefore, the |
| 263 | + // exec plugin will be run regardless of whether stdin is available for user input. If standard |
| 264 | + // input is available for user input, then it will be provided to this exec plugin. |
| 265 | + IfAvailableExecInteractiveMode ExecInteractiveMode = "IfAvailable" |
| 266 | + // AlwaysExecInteractiveMode declares that this exec plugin requires standard input in order to |
| 267 | + // run, and therefore the exec plugin will only be run if standard input is available for user |
| 268 | + // input. If standard input is not available for user input, then the exec plugin will not be run |
| 269 | + // and an error will be returned by the exec plugin runner. |
| 270 | + AlwaysExecInteractiveMode ExecInteractiveMode = "Always" |
| 271 | +) |
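Review bot: The `+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object` marker above `type Config` is stale, since the header note says the runtime dependency was removed; if a generator is ever run over this package it would emit code referencing the dropped import, so I would delete that line (and the `+k8s:conversion-gen=false` markers, unless conversion-gen is actually used here). Separately, `AuthInfo` keeps `Token`, `Password` and `ClientKeyData` in plain fields, and the `datapolicy` tags are only struct-tag strings unless something in this repository reads them, which is not visible in this file. A short comment on `AuthInfo` such as `// AuthInfo carries live credentials; never log it or embed it in error messages (e.g. via %+v).` would make that explicit for callers of this copy. Likewise `ExecConfig.Command`, `Args` and `Env` are populated straight from the parsed file, so a comment stating that the exec plugin of a kubeconfig from an untrusted source must not be run would help whoever consumes these types.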